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Today’s Agenda 


" Introductions and roles 

" IBM’s approach to Workplace for Business Controls and 
Reporting (WBCR) 

■ Overview/ Demo of IBM’s Workplace for Business Controis and 
Reporting Soiution 

■ IBM WBCR Advantage / Differentiators 


Next Steps 





IBM Workplace for Business Controls & Reporting 


IBM Workplace for Business Controls and Reporting 

■ A standards based solution intended to help companies address a 
wide range of business control related problems. 

■ Designed to help companies with general controls management. 

■ Supports an open control framework including COSO-IC, CoBIT 
and other internal control frameworks. 

■ When combined with traditional decision analysis tools for risk 
management provides a broader perspective on decision making. 


WBCR 




I 11 Operational H Strategic H Compliance H Reporting 

Standards based Business Controls Platform (COSO, COSO-ERM, CobiT...) 
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Compliance Program Lifecycle 



Unreliable 


Survive 


Thrive 


IBM Workplace Business Controls & Reporting 
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Control Management is not a simple task ... 


■ Long-term success requires: 

- Development and implementation of new business 
processes 

- Collaboration of activities, documentation and testing 
across multiple disciplines and physical locations 

- Manage content across many organizations, multiple 
reporting periods and years 

- Archiving and record retention to support regulatory 
reviews/ requirements. 

- Provide reporting complex relationships between 
risks, controls and financial accounts 


IBM Workplace Business Controls & Reporting 
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Workplace for Business Controls and Reporting 



WebSphere Portal Server 

(User Interface) 

Workplace Assessment 

(Scope / Document / Evaluate) 

Team Collaboration 

(Document & Project Management) 

Content Manager 

(Data Repository) 

Instant Messaging 

( Communication) 


Reporting 

(Alpha- Blox) 


On -Line Surveys 
(e-forms) 



IBM Workplace Business Controls & Reporting 
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IBM WBCR Key Features 


■ Executive dashboard 

■ Survey capability 

■ Robust Reporting capability 

■ Versioning and archiving 

■ Roles and Security 

■ Organization Movement / Reorganization 

■ Controls Execution Information 

■ Support for manual and automated controls 

■ Samples and Remediation 

■ Certification 

■ Document attachment/ URL links 

■ Global Shared Controls 

■ Email notifications 

■ Export Reports to Excel Spreadsheets and PDF 

■ Label Management and Configuration 

■ Support for financial and non-financial controls 

■ Link to Financial Values 

■ Dynamic Updates 

■ Customized Reporting and Management Support 
- Full Audit Trail 

■ Collaboration tools in support of test and remediation processes 


IBM Workplace Business Controls & Reporting 
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WBCR-- Support for Key SOX Sections 


Section 

Requirement 

WBCR Support 

302 

Quarterly certification of 
financial statement filings 

Support via control management 
functionality by setting up financial 
statement certifications as a control 

Quarterly disclosures on 
effectiveness of internal 
controls 

Support via control documentation, 
certification and status reporting 

404 

Annual attestation of 
effectiveness and changes in 
internal controls 

Support via control documentation, 
certification and status reporting 

409 

Real time (4 business days) 
filing for material events 

Support via portal based electronic form 
with self directed workflows 

802 

Record retention 

Support via archiving capabilities 
(additional support is available via IBM 
content management and 
archiving/retrieval solutions) 
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Multiple Control Types 



Reporting 

Operational 

IT 

Controls that 

Controls that 

Controls that 

relate to the 

relate to the 

relate to the 

accuracy of 

effectiveness and 

effectiveness 

financial and 

efficiency of the 

and efficiency 

non-financial 

entity's operations, 

of a company’s 

management 

reporting 

including 
performance and 
profitability goals, 
they vary based 
on management’s 
choices about 
structure and 
performance 

IT operations 



s 


Compliance 

Strategic 

Controls established 

Controls that 

to ensure that 

relate to high- 

companies comply 

level goals, 

with all applicable 

aligned with and 

laws and regulations 

supporting the 

as a minimum 

entity's 

standard of 
behavior. Controls 
also need to ensure 
that all laws and 
regulations that 
impact the 
enterprise are 
considered 

mission/vision 
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WBCR-- Supporting Multiple Control Initiatives 


Description 

IT Governance 

SOX 

HIPAA 


Business 

Unit/Functional 

Group 

IT 

Finance 

Healthcare 

Risk Management 

Process 

Security 

Accounts 

Receivable 

Send / receive claims 
from parties, 
providers, institutions 

Credit Risk 

Sub Process 

Application Data Access 

Billing 

Data translation to 
appropriate HIPAA 
format 

Loan Applications / 

Lending 

Objective 

Provide consistent and 
appropriate end user 
access to business 
applications 

All billing 
Transactions 
recorded in Gen 
Ledger accurately 

Ensure proper 
exchange of healthcare 
information with other 
agencies & government 

Determine credit viability 
of particular loan 
applicant 

Risk 

End users have access 
to systems and/or data 
that they should not 

Revenue under or 
overstated 

Forms rejected 
incorrect format 

Can’t adequately assess 
the risk: and person 
defaults on loan 

Control 

Utilize standard security 
access software across 
all business applications 

All users Passwords are 
changed every 90 days 

Reconcile control 
totals for revenue 
to general ledger 
interface 

Forms not sent in the 
proper format 

Each loan application 
must go through credit 
check 



















IBM & Market Analyst Alignment 

• IDC 

Afiaiyze the Future 

"With its depth of infrastructure supporting the business controls 
solution, IBM is well positioned to help organizations not only meet 
current challenges but extend these efforts to generate real 
corporate value. IBM should balance helping customers meet short¬ 
term needs with a broader vision, because the emergence of a 
compliance platform is still a vision for many organizations and 
must be aligned with meeting immediate commitments. In the long 
term, the IBM strategy will clearly provide one of the most 
comprehensive and flexible solutions that will enable organizations 
to grow from compliance to governance and build on their 

investments." 




helping Business Thrive 

On Technology Change 


Sarbanes-Oxley Solutions - Invest or Pay Later, Hybrid Applications Emerge For Internal Controls Compliance 
by Paul Hamerman, Robert Markham, with Laurie M. Orlov, Colin Teubner 


• Seek software that extends beyond Sarbanes-Oxley. 

• Build a compliance technology infrastructure. 

• Make your compliance process collaborative 

• Electronic Content Management 

• Routine Part of Doing Business 


Gartner 

“Managing regulations on a one- 
off basis will cost 10 times more 
than a more proactive, framework 
approach”... “public companies 
that adopt a comprehensive 
compliance management 
architecture will spend 50% less 
per year than those that don't: 


PfKemTERH0Us^(00PERS § 


“an integrated approach to Governance, 
Risk and Compiiance management can 
improve a companies reputation vaiue by 
23%, empioyee retention by 10% and 
revenue by 8%.” 
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Gartner has published their first ever assessment of SW vendors in the financial compliance market. While Gartner 
has never placed a vendor in the leadership quadrant in the first year of a Magic Quadrant evaluation, IBM has 
come extremely close in 2005 and has moved to the head of the pack in the evaluation. 
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IBM Workplace Business Controls & Reporting 
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Case Study: Business Control Software At WestJet 
Airlines-- Compliance Week 04/25/05 


DETAILS 

THE COMPANY 

THE CHALLENGE 

SOLUTION CHOSEN 

Company 

HQ 

Employees 
Industry 
'04 Rev. 

'04 Net 

WestJet Airlines 
Calgary^ Canada 
5,000 

Aviation 
$873.8 million 
($14.2 million) 

WestJet Airlines, a discount 
carrier in Canada, needed an IT 
system to capture its operational 
and controls data so the company 
could comply with Canada's 
version of the Sarbanes-Oxley 

Act. 

IBM's Workplace for Business 
Controls and Reporting, which 
Cory Wells, WestJet's director of 
audit and advisory services, 
estimates cost the airline between 
$100,000 and $200,000. 


■“We had the opportunity to test the product before making our purchase decision, which was very important to us. At the end 
of that exercise, we were convinced that IBM Workplace for Business Controls and Reporting could help us meet the Canadian 
Multilateral Instrument 52-109/111 financial governance requirements,” said Corey Wells, WestJet’s Director, Audit & Advisory 
Services. 

“Specifically, the product's structure, flexibility and ease of use, along with IBM's commitment to developing a world-class 
product were all key factors in our decision. Additionally, the product supports both the COSO and CobiT frameworks, allowing 
us to capture both financial and IT controls within one platform. Ultimately, we believe that this product will substantially reduce 
the complexity of our business controls management infrastructure, resulting in both time and cost savings,” said Wells. 
■Workplace beat the other competitors because of its flexibility, ease of use, affordability, ability to influence the direction of the 
product and its documentation functionality. Wells says. "It allows us to centralize our documentation in a way that is consistent 
with the requirements set forth, allowing for continued sustainment beyond initial compliance," he adds. 

■The utilization of Workplace has resulted in significant time savings for WestJet. "From a time perspective," Wells explains, 
"the ability to push out the documentation to our process owners while maintaining consistency and quality is a tremendous 
benefit." In addition, WestJet intends to use the tool to house operational information that "will allow our process owners to 
create process efficiencies and cost savings, instead of just focusing on compliance," he adds. "The flexibility of IBM's 
Workplace product allows us to create value for the organization beyond compliance." 
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Huntington National Bank #Hunlington 

Banking. Investments. Insurance. 

Customer: 

■ Huntington National Bank is a $30 billion regional bank holding company with 300+ US offices. 

Business Need: 

■ To monitor internal controls for financial reporting to meet new legislation (SOX 404) 

■ A solution that can help streamline the bank’s internal controls & reporting processes 

Solution: IBM Lotus Workplace for Business Controls and Reporting 

■ Based on open standards so the software fit easily into the bank's existing architecture. 

■ Solution builds on a key component of Huntington National Bank's technology strategy - the IBM Lotus suite of 
software - extending existing investments and reflecting the bank's focus on long-term needs as opposed to one-time 
solutions. 

■ IBM Software Services for Lotus is providing services to install the test and production environments and train users, 
and IBM business partner KPMG contributes its industry expertise to the solution as well, by providing advisory 
services to Huntington's business executives. 

■ Initially, the reporting solution will support 50 users - a number expected to grow to 100 or more in 2005. 


"We wanted something robust and functional that would be supported and enhanced by a legitimate vendor 
going forward. Having IBM as that provider gave everyone a great sense of comfort. The product is functionally 
rich and the pricing was competitive. A bit of a no-brainer really." 

"David Sewalk, Senior Vice President, Business Solutions Development, Huntington National Bank 






WBCR- Control Management Process Flow 


Define Control 
Organization 
Structure and 
Establish 
Accountability 


Graphical and 
text based 
reporting on 
scope definitions, 
documentation 
results and 
evaluation status 




Control 

Management 


Report 


Document 
Processes, 
Objectives, 
Risks and 
Controls 



Document and 
execute test 
procedures 
and evaluate 
control 
effectiveness 
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IBM Workplace for Business Controls and Reporting 
Software Methodology- Version 2.6 
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Scope 

Mirror” YOUR Corporate Structure 
Define Organization 
Define Financial Reports 
Assign Owners 


^ t Parent Company 



Manage Processes / Sub-Processes by 
Business Unit(s) 

Role-Based Security Model 
Read/Write Access Rights 
Users Only See Their Data - 
Based on their Access Rights 
Certification @ Business Unit / Process / 
Control Levels 






r V 


_ r 

- ► 

t Control 

rp 

f Shared Control 

■ 


I Evaluate / Report 

I Test Defined Controls 
I Determine Effectiveness 
I Remediate Controls 


i Procedure 


Sample 

rn 

1=; 

Remediation 
























































W-elcom0 John Ex0c! 


My Portal Edit my profile ? Log out 


IBM Workplace for Business Controls and Reporting 


WBCR Survey Welcome My Workplace Documents Personalization My Finances My Work 


Alphablox Executive View 


Exec Po rta l 


Executive Viev/ 


My Vertical News 


? - n Executive View Detail 


? _ n 


My ToDos 


? _ n 


Regulations 

^ S'/iissc: -' board president sees privatisation v^thin 18 

mcnthi lossible - report 

^ Cfcom to scrap price controls on BT phone calls - report 

^ Cable Franchising Seen As Control Issue 

Business Applications News 

^ -K Etee - IE ' ~! e-■ e = r Contract Extension 

^ SAFE-Bio Pharma Association Announces First Companies to 

Participate in Its Nev^v Launched Vendor Partner Program 

^ InterCare Announces Project Teaming and Preferred 

Implementation Partner Agreement With Novantus 

Corporation 


© MarketWatchr Inc. 2006 


More >> 


My Stocks ? _ n 


Fridayv January 20, 2006 4:03:00 PM EST 



81.36 

-1.73 

-2.08% 

^ ^COMPO 

2,247.70 

-54.11 

-2.35% 

^ $DJI 

10,667.39 

-213.32 

-1.96% 

^ ^SPX 

1,261.49 

-23.55 

-1.83% 


Data delayed at least 20 minutes. 


Get Quote 


Symbol Lookup 


!g: MarketWatchr Inc. 2006 

Intraday data provided by Com Stock, an Interactive Data 
Company. 


Shov/ Executive Viev/ 


^ Business Unit: ACME 
Description: 

Outline: 

Rating: NONE 

Scope: Aggregated-Important 
Ratio na le: 12/ 31/2004 

Owner: John Exec , view role.«. 
Delegates: 


Q High p rlo rlty 

■ Complete AP Process 
documentation revievjf 

■ Complete monthly testing 
procedures 

■ Revievj-Testing Results 

■ Complete procedure evaluation 

■ Complete control evaluation 


Certification: Not Certified 

Business Units For Current Business Unit 


Business Unit 

1 Owner 

AP Operations 

mitsuhiru adachi 

Corporate Governance 

Mary Best 

EMEA Operations 

jean fro id 

IT Controls - CobiT v3 

Viips Admin 

Leo rand 

betsy terrell 

MM02 

hao zhu 

NA Operations* 

peter green 

Operational Risk Group 

Bill Williams 

Page 1 of 1 

Total: 8 Displayed: 8 


Bookmarks ? _ n 

• Securities and Exchange Commission 

• COSO 

• THEIIA 

• AICPA 

• IBM 

• Hong Kong Stock Exchange 


Reminder ? _ n 

Sunday, January 22, 2006 

* 11/2E/2005 

Quarter End Tests Due - 10th day oF 
Aprllj July^ October and January 

* Control Self Assessment Due - last 
day of March, June, September and 
December 


My Weather 


Sunday, January^ 22, 2006 3:18:00 AM GMT 



Raleigh, North Carolfna 

Fog 


? _ n 

Reports Detail 


370 

3S°/5G° 


^ Business Unit: ACME 
Description: 

Outline: 
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WBCR Benefits 


■ Creates a Centralized Control 
Repository for an Organization 

■ Presents a Real Time, Consistent 
View of Control Status 

■ Aligns Control Structure to Risk 
Thresholds and Tolerances 

■ Lowers Costs by Implementing a 
Repeatable Solution 

■ Eases Interaction with Auditors 

■ Saves Auditee Time and Money 

■ Allows Manager to Focus on 
Assessment and Analysis Instead 
of Data Collection for Reporting 


jporting 


Overall Control Effectiveness 


Control Status 


/ 1 



Controls Removed: 
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En 






Controls Not Tested 
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Workplace, Portal and Collaboration Software 


WBCR Implementation Methodology 



I 

I 


Estimated total elapsed time 4 - 6 weeks depending on the scope of the implementation 
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Workplace, Portal and Collaboration Software 


Implementation Plan -- Overview 

■ Develop Plan — During the “Develop Plan” phase the existing functional and 
technical documentation is reviewed and an overall implementation plan is 
developed. In addition to the development of overall and individual 
implementation plan the implementation team is trained. 

■ Install and Test WBCR - During the “Install and Test WBCR” phase, the WBCR 
application components are installed on the appropriate servers. Installation 
includes WBCR and related databases as well as optional installations such as 
IBM Content Manager™, SameTime™, and TeamWorkspace™. This phase is not 
required for customers who choose to utilize IBM’s hosting service. 

■ Configure WBCR - During the “Configure WBCR” phase. Global Settings are 
established and documented and changes to field labels and dropdown lists are 
identified and made. Additionally, customer specific roles are defined and the 
standard roles are modified as necessary. 

■ Migrate Current Data - During the “Migrate Current Data” phase, existing data is 
migrated from current formats (proprietary databases, spreadsheets, etc.) to a 
“WBCR-readable” format. During the process, redundancies in data are identified 
and normalized 

■ Load and Test Data - During the “Load and Test Data” phase, data from current 
and prior control management products (commercial or custom developed) is 
loaded into the Import spreadsheet and loaded into WBCR. 

■ Training and Go-Live - During the “Training and Go-Live” phase, the training plan 
is developed and executed and final actions are completed to move WBCR into 
production. 
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Summary 

■ Control Management is moving from an application 
environment to a platform requirement. 

- Portal/ Role-based security 

- Control Management Framework 

- Content Management 

- Collaboration 

- Control Monitoring Application 

- Reporting and Anaiytics 

■ Leading Analysts recommend focusing on software 
tools that support a broad set of needs (ie. Framework) 

■ Key is the ability to integrate and easily bring together a 
number of diverse technologies. 
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Kc:- 

Workplace for Business Controls and Reporting 


WBCR- Customer Benefits 


■ Supports multiple control management initiatives with a common approach to controls 
documentation, evaluation and reporting using shared controls along with a single controls 
repository 

■ Executive dashboards allow management the ability to actively monitor the controls 
environment on a continuous real-time basis, helping management to assess the effectiveness 
of a company's internal business controls 

■ Quickly get started by importing 3rd party Control Catalogs or procedures directly from MS 
Excel 

■ Enhanced operational efficiency with support for multiple control types, shared controls, 
organizational movement, versioning and import 

■ Increased transparency with support for multiple reporting vendors, executive dashboards, 
and user-based reporting 

■ Simplified execution with sign-off workflow, dynamic updates, and test validation 

■ Integrates multiple collaborative capabilities into a single platform to leverage existing skills 
within your organization and to help drive lower total cost of compliance (TCC) 

■ Provides single-password access to all supported enterprise applications, content, and 
services 

■ Solution from a single vendor that can be extended with other products from the IBM software 
portfolio such as: DB2 Records Manager and Lotus Workplace Collaborative Learning 

■ Business consulting and software services help you started quickly 

■ Extensive worldwide network of business partners 

■ An open, standards-based control management solution designed to help customers reduce 
the total cost of compliance 
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Workplace for Business Controls and Reporting 


IBM Advantage / Differentiators 

■ Minimizing Cost for Managing Risk & Compliance 

■ Stepped Approach for Compliance Challenges 

^ Start with 404 controls, expand into modelling / 
improvements into Financial Business 
Processes 

^ Add 802 Archiving / Retention 

Move to 409 (speed 10k/10Q creation), 
address real-time material event reporting 

■ Common Infrastructure Framework leveraged for 
Multiple Risk & Compliance Initiatives 

Consistent / Easy-to-Use Experiences 
^ Real-Time Information for Decision Makers 
Readiness Status - At a Glance 

■ 24 X 7 X 365 Standard Software Support 


IBM Differentiators 

I o Global Scale and delivery capabilities: 
world’s largest software organization 

I o Integrated services; strategy through 
implementation and operation 

^TOeep industry expertise and 
knowledge of industry processes 

I o Leading-edge Solution Focus on SOX 
and other risk & compliance areas 

□ Deep technology skills 

o Strategic alliances with leading 
technology vendors 

r Premier client list and “track record” of 
success 

I o Focused investment in innovative 
solutions, people development, and 
intellectual capital 
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d^ness Unit or Product Name 


Summary: WBCR helps Customers to Achieve Sustainable 
Compliance 

■ Lower the cost of controls 

■ Competitive IBM pricing 

■ Sustainable long-term solution from trusted reliable 
vendor / partner 

■ Strategic Portal / Workplace platform 

■ Broad Compliance strategy 


— 

IBM: Driving Cost Effective 

.... Sustainable 

.... Extensible Compliance 
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iness UnitiDfi Product Name 


Clients are responsible for ensuring their own compliance with the Sarbanes-Oxley 
Act. It is the client's sole responsibility to obtain advice of competent legal counsel 
as to the identification and interpretation of any relevant laws, including but not 
limited to, the Sarbanes-Oxley Act, that may affect the client's business and any 
actions client may need to take to comply with such laws. IBM does not provide 
legal, accounting or audit advice or represent or warrant that its services or 
products will ensure that client is in compliance with any law. 

The information contained in this documentation is provided for informational 
purposes only. While efforts were made to verify the completeness and accuracy of 
the information provided, it is provided “as is” without warranty of any kind, express 
or implied. IBM shall not be responsible for any damages arising out of the use of, 
or otherwise related to, this documentation or any other documentation. Nothing 
contained in this documentation is intended to, nor shall have the effect of, creating 
any warranties or representations from IBM (or its suppliers or licensors), or 
altering the terms and conditions of the applicable license agreement governing the 
use of IBM software. 
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Questions 


? 










